Is it possible to configure the openssh (5.8p1) daemon to check both
PubkeyAuthentication and PasswordAuthentication before accepting the user?
Another possibility would be to do the password authentication within
the ssh daemon and then use ForcedCommand to start a script which first
checks the public key (which is loaded into an agent) and then spawns
the real shell. Is there an easy way to do such a check?